Information Security Manager
Vacancy Name: Information Security Manager
Vacancy No: VN1273
Business Unit: Corporate
Job Location: UK, Europe, South Africa, India
Employment Type: Full Time
Job Details and Responsibilities
Summary:
The Information Security Manager (ISM) at Lemongrass is responsible for the creation, implementation, and ongoing management of the Lemongrass Security Framework (LSF). This framework spans all critical security domains including Cloud (AWS, Azure, GCP), Identity and Access Management (IAM), Operations, Data, Artificial Intelligence (AI), SAP on Cloud, and Product Development.
The ISM ensures that security is embedded by design, by default, and by operation, guiding the business and technical teams to align with industry best practices and compliance standards. This role is crucial in safeguarding Lemongrass and its client environments by promoting a proactive security culture, ensuring that policies, standards, procedures, and guidelines are comprehensive, current, and operationally enforced.
Responsibilities:
- Security Framework Development: Lead the design and evolution of the LSF to cover all operational and technical domains, including data classification, protection, governance, and lifecycle management.
- Policy & Governance: Develop and maintain security policies, ensuring supporting standards, procedures, and guidelines are created by relevant teams and aligned to regulatory and business needs.
- Operational Assurance: Establish and oversee security compliance mechanisms across the business, ensuring secure‑by‑default practices in architecture, deployment, and operations.
- Security Compliance & Testing: Lead ongoing compliance assessments and internal audits and provide reporting at client and business unit levels.
- Client‑Facing Advisory: Act as a subject‑matter expert and advisor on security and risk management, supporting pre‑sales engagements, Monthly Service Reviews (MSRs), and Quarterly Business Reviews (QBRs).
- Cross‑Functional Engagement: Partner with Architecture, DevOps, SAP, and AI teams to ensure that security is built‑in, not bolted on.
- Security Awareness & Culture: Promote a strong security culture through internal guidance, awareness campaigns, and training.
- Continuous Learning and Development: Stay updated on the latest cloud security trends, technologies, and regulatory changes. Participate in ongoing professional development and certification.
- Promote automation: Work with our Security Engineers to ensure that our controls are applied and governed through automated means wherever possible.
Supervisory Responsibilities:
- No direct line management, but strong influence across Architecture, Product, Operations, and Customer Success teams.
- May lead virtual security working groups and mentor staff in security‑related responsibilities.
Qualifications
Required Skills/Abilities:
- Security Governance & Frameworks: Deep knowledge of ISO 27001, NIST, CIS, CSA CCM, SOC2 and secure development lifecycle principles.
- Cloud Security: Strong understanding of cloud‑native security across AWS, Azure, and GCP.
- SAP & AI Security: Awareness of security requirements for SAP on Cloud and modern AI/ML platforms.
- Data Security & Governance: Experience with data classification models, data loss prevention (DLP), encryption, and compliance frameworks (e.g., GDPR, HIPAA, CCPA).
- Risk & Compliance: Ability to lead risk assessments, develop mitigation strategies, and map controls to compliance standards.
- Communication & Influence: Strong skills in translating technical controls into business language and influencing at all organisational levels.
- Documentation & Reporting: Skilled in producing comprehensive policy documents, compliance reports, and security dashboards.
- Security Framework Design: Designing, implementing and evolving comprehensive security frameworks (e.g., LSF)
- Cloud Security: Knowledge of AWS, Azure, GCP security capabilities and governance
- Data Security & Governance: Ability to manage data classification, protection, retention, and privacy
- IAM & Policy Management: Deep expertise in managing IAM policies, roles, and access controls
- Risk & Compliance: Ability to assess, report and drive remediation of risks across cloud and operations
- Security Governance: Development of policies, standards, and assurance frameworks
- Cross‑Team Collaboration: Ability to lead without authority and engage multiple technical/business teams
- Reporting & Reviews: Clear, concise security reporting for MSRs and QBRs
- Customer Advisory: Comfortable advising customers on information and risk management
- Strategic Thinking: Capability to shape long‑term security posture aligned to business goals
Education and Experience:
- Minimum of 5 years of experience in Information Security, including governance, risk, and compliance (GRC) functions.
- Experience designing and implementing enterprise security frameworks in a cloud‑native or hybrid environment.
- Relevant maintained professional certifications such as CISM, ISO 27001 Lead Implementer.
Additional Requirements:
- Occasional travel may be required.
- The selected applicant will be subject to a background investigation, which will be conducted and the results of which will be used in compliance with applicable law.
Lemongrass Consulting is proud to be an Equal Opportunity and affirmative action employer. We do not discriminate on the basis of race, religion, color, national origin, religious creed, gender, sexual orientation, gender identity, gender expression, age, genetic information, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.
About Lemongrass
Lemongrass (lemongrasscloud.com) is a global leader in SAP consulting, focused on helping organizations transform their business processes through innovative solutions and technologies. With a strong commitment to customer success, Lemongrass partners with companies to drive their digital transformation journeys, enabling them to unlock the full potential of their SAP investments.
We do this through continuous innovation, automation, migration and operation, delivered on the world's most comprehensive cloud platforms – AWS, Azure, GCP and SAP Cloud ERP. We have been working with AWS and SAP since 2010 and we are a Premier Amazon Partner Network (APN) Consulting Partner. We are also a Microsoft Gold Partner, a Google Cloud Partner and an SAP Certified Silver Partner.
Our team is what makes Lemongrass exceptional and why we have the excellent reputation in the market that we enjoy today. At Lemongrass, you will work with the smartest and most motivated people in the business. We take pride in our culture of innovation and collaboration that drives us to deliver exceptional benefits to our clients every day.
- Location: United Kingdom
- Salary: £125,000 - £150,000
- Job Type: Full Time
- Category: IT & Technology